Mail Thread Index

• Date Index

• Elevation of Privilege Vulnerability in MediaTek Driver ( CVE-2016-6492), unlimitsec
• [SECURITY] [DSA 3636-1] collectd security update, Sebastien Delafond
• [SECURITY] [DSA 3634-1] redis security update, Sebastien Delafond
• Huawei eSpace IAD Remote Information Disclosure Vulnerability, ak47464659484
• Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP, Summer of Pwnage
• Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin, Summer of Pwnage
• Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA, Summer of Pwnage
• [SECURITY] [DSA 3637-1] chromium-browser security update, Michael Gilbert
• Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin, Summer of Pwnage
• SQL injection vulnerability in Booking Calendar WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting in Contact Bank WordPress Plugin, Summer of Pwnage
• Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability, Vulnerability Lab
• Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability, Vulnerability Lab
• Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231), David Coomber
• Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin, Summer of Pwnage
• [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c, wpengfeinudt
• [security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information, security-alert
• [security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution, security-alert
• FortiManager (Series) - Multiple Web Vulnerabilities, Vulnerability Lab
• Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities, Vulnerability Lab
• Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability, Vulnerability Lab
• WinSaber - Unquoted Service Path Privilege Escalation, Vulnerability Lab
• Cross-Site Scripting in Uji Countdown WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting in WangGuard WordPress Plugin, Summer of Pwnage
• Arbitrary File Content Disclosure in Atutor, High-Tech Bridge Security Research
• WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5, Maria Lemos
• [SECURITY] [DSA 3638-1] curl security update, Alessandro Ghedini
• [SECURITY] [DSA 3639-1] wordpress security update, Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery(SSRF), security-alert
• Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability, Secunia Research
• [SECURITY] [DSA 3640-1] firefox-esr security update, Moritz Muehlenhoff
• Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting in Activity Log WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting in WordPress Landing Pages Plugin, Summer of Pwnage
• FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• FortiManager (Series) - (Bookmark) Persistent Vulnerability, Vulnerability Lab
• [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection, klaus . eisentraut
• [SECURITY] [DSA 3641-1] openjdk-7 security update, Moritz Muehlenhoff
• Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance, Pedro Ribeiro
  • Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance, Pedro Ribeiro
• Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin, Summer of Pwnage
• Cross-Site Scripting in FormBuilder WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting in Count per Day WordPress Plugin, Summer of Pwnage
• Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin, Summer of Pwnage
• [0day] net2ftp multiple XSS on unauthenticated users, Jacobo Avariento
• Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability, Vulnerability Lab
• Subrion v4.0.5 CMS - SQL Injection Vulnerability, Vulnerability Lab
• FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities, Vulnerability Lab
• Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597), Tim Kretschmann
  • <Possible follow-ups>
  • Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597), Tim Kretschmann
• [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20), matthias . deeg
  • <Possible follow-ups>
  • [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20), matthias . deeg
  • [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20), matthias . deeg
• DLL side loading vulnerability in VMware Host Guest Client Redirector, Securify B.V.
• Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability, Summer of Pwnage
• [SECURITY] [DSA 3642-1] lighttpd security update, Sebastien Delafond
• [SECURITY] [DSA 3643-1] kde4libs security update, Salvatore Bonaccorso
• [slackware-security] mozilla-firefox (SSA:2016-219-02), Slackware Security Team
• [slackware-security] stunnel (SSA:2016-219-04), Slackware Security Team
• [slackware-security] curl (SSA:2016-219-01), Slackware Security Team
• [slackware-security] openssh (SSA:2016-219-03), Slackware Security Team
• vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF), Dawid Golunski
• phpCollab v2.5 CMS - SQL Injection Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3644-1] fontconfig security update, Salvatore Bonaccorso
• ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability, Security Alert
• [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1, Pedro Ribeiro
• [SECURITY] [DSA 3645-1] chromium-browser security update, Michael Gilbert
• Nagios Network Analyzer v2.2.1 Multiple CSRF, hyp3rlinx
• Any Video Converter DLL Hijack, hyp3rlinx
• AirSnort v0.2.7 Stack Corruption DOS, hyp3rlinx
• Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability, Vulnerability Lab
• FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability, Vulnerability Lab
• Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities, Vulnerability Lab
• Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin, Summer of Pwnage
• Notepad++6.9.2 DLL Hijacking Vulnerability, mehta . himanshu21
• Nagios NA v2.2.1 XSS, hyp3rlinx
• Internet Explorer iframe sandbox local file name disclosure vulnerability, Securify B.V.
• Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities, CORE Advisories Team
• Microsoft Education - Stored Cross Site Web Vulnerability, Vulnerability Lab
• QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability, Vulnerability Lab
• Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8), Rv3Lab.org
• [SECURITY] [DSA 3646-1] postgresql-9.4 security update, Salvatore Bonaccorso
• Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%, Stefan Kanthak
• [SECURITY] [DSA 3647-1] icedove security update, Moritz Muehlenhoff
• [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel, Maxim Solodovnik
• [security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS), security-alert
• [security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution, security-alert
• [SECURITY] [DSA 3648-1] wireshark security update, Moritz Muehlenhoff
• WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity, hyp3rlinx
• WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION, apparitionsec
• WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT, hyp3rlinx
• WSO2-CARBON v4.4.5 CSRF / DOS, hyp3rlinx
• OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET), hamedizadi
  • <Possible follow-ups>
  • OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET), hamedizadi
  • OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET), hamedizadi
• Linksys E1200 and E2500 (Missing authorization on parental control), samhuntley84
• Linksys E2500 and E1200 (Unauth Command Injection), samhuntley84
• Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70, tal argoni
• Stash v1.0.3 CMS - SQL Injection Vulnerability, Vulnerability Lab
• PayPal Inc BB #127 - 2FA Bypass Vulnerability, Vulnerability Lab
• Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass, reggie . dodd30
• Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries, Summer of Pwnage
• Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images, Summer of Pwnage
• Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images, Summer of Pwnage
• Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting vulnerability in Google Maps WordPress Plugin, Summer of Pwnage
• Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin, Summer of Pwnage
• Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin, Summer of Pwnage
• Ajax Load More Local File Inclusion vulnerability, Summer of Pwnage
• Cross-Site Scripting in Link Library WordPress Plugin, Summer of Pwnage
• Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin, Summer of Pwnage
• Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin, Summer of Pwnage
• [security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information, security-alert
• [security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution, security-alert
• [security bulletin] HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities, security-alert
• Lepton CMS Archive Directory Traversal, hyp3rlinx
• Lepton CMS PHP Code Injection, hyp3rlinx
• [ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials, ERPScan inc
• [ERPSCAN-16-023] Potential backdoor via hardcoded system ID, ERPScan inc
• [SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79), Micha Borrmann
• Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3649-1] gnupg security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3650-1] libgcrypt20 security update, Salvatore Bonaccorso
• Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access, Andrew Klaus
• [SYSS-2016-052] QNAP QTS - OS Command Injection, bugtraq
• [SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite, bugtraq
• [SYSS-2016-048] QNAP QTS - OS Command Injection, bugtraq
  • <Possible follow-ups>
  • [SYSS-2016-048] QNAP QTS - OS Command Injection, bugtraq
  • [SYSS-2016-048] QNAP QTS - OS Command Injection, bugtraq
• [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
  • <Possible follow-ups>
  • [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
• [SYSS-2016-054] QNAP QTS - OS Command Injection, bugtraq
  • <Possible follow-ups>
  • [SYSS-2016-054] QNAP QTS - OS Command Injection, bugtraq
• [SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting, bugtraq
• [SYSS-2016-055] QNAP QTS - OS Command Injection, bugtraq
• [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
  • <Possible follow-ups>
  • [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
• [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method, Justin Bull
• Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client, Florian Bogner
• Path traversal vulnerability in WordPress Core Ajax handlers, Summer of Pwnage
• [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities, security-alert
• [slackware-security] gnupg (SSA:2016-236-01), Slackware Security Team
• nullcon 8-bit Call for Papers is open, nullcon
• WebKitGTK+ Security Advisory WSA-2016-0005, Carlos Alberto Lopez Perez
• SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise, SEC Consult Vulnerability Lab
• APPLE-SA-2016-08-25-1 iOS 9.3.5, Apple Product Security
• [SECURITY] [DSA 3652-1] imagemagick security update, Moritz Muehlenhoff
• Necroscan <= v0.9.1 Buffer Overflow, hyp3rlinx
• [SECURITY] [DSA 3654-1] quagga security update, Sebastien Delafond
• Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2, submit
• [security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information, security-alert
• [slackware-security] kernel (SSA:2016-242-01), Slackware Security Team
• [security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS), security-alert